On 27 June 2013 21:34, Peter Rathlev <peter at rathlev.dk> wrote:
> The client can spoof a vendor-class-identifier along with the MAC
> address so security still isn't perfect even with that selection. The
> modem and CMTS could theoretically enforce something using option 82.
I've already have it resolved on the modem side, so the customer isn't
able to use spoofed MAC.
I also wanted to do it on the dhcp server side just in case.
> You might achieve what you describe though, but using a compound class
> match statement:
> Word on the street is that this doesn't scale; if you have more than a
> few hundred clients you probably need to rethink this.
I've got a few thousands customers, so it doesn't fit.
> You could take at look at this:
>>http://www.miquels.cistron.nl/isc-dhcpd/
Great, thank you for the link and for your response.